Topic: HHS

JD Supra Corporate Brief: Cyber-Attack Technology, Anti-Corruption Landscape, D&O Safety Net, Health Care Enforcement

115 years ago today, the Pemberton Medicine Company – now known as the Coca-Cola Company – was incorporated. Drink up! Are your risk factor disclosures and forward looking statements adequate for today’s cyber-attack technology? (Tracy Crum and Alice Hsu at Akin Gump) In recent years there has been dramatic change to the global anti-corruption landscape… (Shanti… Read more »

JD Supra Corporate Brief: Stopping 23andMe Sales, Buying Privacy Liabilities, Changing Proxy Policies, Approving REIT Conversions

On November 27, 1924, the very first Macy’s Thanksgiving Day parade was held. As it should be… Happy Holidays! The FDA is routinely criticized in cases where regulation is perceived to stymy innovation. Shutting down 23andMe isn’t one of them… (Andrew Ittleman and Kelly Lightfoot, JD Supra Perspectives) Every mobile app that glitters is not… Read more »

Feds Say Health Plans Purchased on Insurance Marketplace Not “Federal Health Care Programs”

… but leave questions unanswered: On October 30, Secretary of the Department of Health and Human Services Kathleen Sebelius announced that qualified health plans (QHPs) purchased through the Insurance Marketplace are not considered to be “federal health care programs.” That may allow hospitals and other providers to help patients pay for coverage through the exchanges… Read more »

Expensive Lessons in Privacy Law: Affinity Health Pays $1.2 Million for Not Erasing Photocopier Hard Drives

Earlier this month, Affinity Health Plan agreed to pay the Department of Health and Human Services more than $1.2 million to settle violations of the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules. Affinity – a not-for-profit managed care plan – failed to erase the protected health information of nearly 350,000 individuals… Read more »

Employers Have Six Months to Comply with Wellness Program Final Rules – Are You Ready?

“The potential payoffs [from a wellness program] include savings in health care costs, decreased absenteeism and increased productivity.” (Holland & Knight) Late last month, the Departments of Labor, Treasury, and Health and Human Services issued final regulations to help employers avoid health-based discrimination when designing and implementing wellness programs. Five key takeaways for employers: 1.… Read more »

HIPAA Q&A: What’s the New Word on Data Breaches?

“The definition of a data ‘breach’ was changed. The Omnibus Rules replaced the more subjective ‘harm standard’ with a more objective test that requires the covered entity to determine (based on a four-factor risk assessment) whether protected health information has been ‘compromised.’” (Snell & Wilmer) One of the key components of the new HIPAA /… Read more »

Summary of Final Omnibus HIPAA/HITECH Rules

No time read all 563 pages of the US Department of Health and Human Services Office for Civil Rights’ HIPAA/HITECH Omnibus Rule? Here’s a summary of key points: Effective Date: “The Enforcement Rule changes are effective on March 26, 2013. The additional 180 days afforded for most of the provisions in the Final Rule apply… Read more »

New HIPAA Omnibus Rule Modifies Privacy and Breach Notification Requirements for Health Care Providers

“The Final Rule represents the most significant development in healthcare privacy law since the issuance of the final Privacy Rule and Security Rule a decade ago.” (Morgan Lewis) On January 17, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released its final omnibus rule, strengthening the… Read more »

HIPAA Update: How to Turn Protected Health Information into Research Data

“HIPAA places tight restrictions on the use and disclosure of protected health information, but there are many ways to ‘de-identify’ it, freeing it from HIPAA’s constraints. Covered entities and business associates can use de-identification to reduce their exposure to HIPAA and expand their use of health data.” (Davis Wright Tremaine) On November 26, 2012, the… Read more »

Feds Propose New Guidance on Wellness Programs. Feel Better Now?

“Wellness programs take many forms; however, the common feature of all wellness programs is that they are designed to encourage healthier lifestyles, often by rewarding participants for attaining or improving certain health factors. Most wellness programs are subject to HIPAA’s nondiscrimination rules … [h]owever, the HIPAA nondiscrimination rules contain an exception whereby group health plans… Read more »

HIPAA Audit Report Gives Providers New Roadmap to Compliance

In late June 2012, the Department of Health and Human Services Office for Civil Rights published its long-awaited HIPAA compliance audit protocol. For covered entities and business associates, the protocol serves as a roadmap of practices and procedures that help ensure compliance and avoid fines and other sanctions. Law firm Mintz Levin: “The protocol addresses… Read more »

HIPAA Compliance: 5 Suggestions for Protecting Patient Data

Federal regulators are stepping up their enforcement of the Health Insurance Portability and Accountability Act (HIPAA), as a recent $100,000 fine levied on Phoenix Cardiac Services demonstrates. From law firm Mintz Levin: “The settlement reaffirms OCR’s commitment to enforcing the Privacy and Security Rules, and its willingness to sanction covered entities for HIPAA violations.” (The… Read more »

HIPAA Compliance: 6 Audit Questions (and Answers) for Covered Entities

Late last year, members of the Senate Judiciary Committee challenged regulators to step up enforcement of the Health Insurance Portability and Accountability Act: “… the Subcommittee made clear that the [Office for Civil Rights’] efforts fell far short of its expectations, pointing out that, of tens of thousands of HIPAA complaints received by OCR since… Read more »